Clorox is taking legal action against one of its IT vendors after a $380 million cyberattack last year—and the company claims the breach happened because the vendor’s help desk was handing out employee passwords like candy. According to Clorox, this basic security lapse made the hack shockingly easy to pull off.

Editor’s Note: This isn’t just another corporate hack story—it’s a glaring example of how sloppy security practices (even by third-party vendors) can leave companies wide open to attacks. If a giant like Clorox can get burned this badly by something as simple as poor password handling, it’s a wake-up call for any business relying on outside IT support. Expect more lawsuits like this as companies scramble to shift blame—and costs—onto vendors.

ExpressVPN just fixed a sneaky Windows bug that could have let outsiders peek at your remote desktop sessions—basically, your private work or browsing sessions weren’t as secure as they should’ve been. The patch plugs the hole, so users should update ASAP.

Editor’s Note: If you use ExpressVPN on Windows, this is a heads-up to grab the latest update. It’s not a five-alarm fire (no reports of exploits), but unpatched VPN flaws are like leaving your back door unlocked—better to shut it before someone notices. Shows how even trusted privacy tools need constant tweaks to stay safe.

A sneaky new malware called "Coyote" is targeting Windows users by hijacking built-in accessibility tools—the same features designed to help people with disabilities. Once it’s in, it lurks in your browser, waiting for you to visit crypto exchanges or banking sites so it can steal your login details. Basically, it’s turning helpful tech against you.

Editor’s Note: This isn’t just another phishing scam—it’s a clever (and scary) twist on malware that abuses trusted Windows features. If you’re online banking or trading crypto, this is a wake-up call to double-check your security setup. Cybercriminals are getting craftier, and old defenses might not cut it anymore.

Hackers are impersonating legitimate organizations—like a Belgian hospital—to send out fake Requests for Quotation (RFQs) for bulk orders of goods, tricking suppliers into shipping real products to criminals. It’s not just phishing for data anymore; they’re stealing actual physical items.

Editor’s Note: If you’re a supplier, double-check those big orders—even if they look legit. This scam shows how cybercrime is evolving beyond digital theft to real-world heists, putting businesses at risk of losing both money and inventory. Stay sharp.

Microsoft just patched three dangerous security holes in SharePoint that were actively being exploited by Chinese state-backed hackers. These "zero-day" vulnerabilities (meaning attackers found them before Microsoft could fix them) allowed cybercriminals to infiltrate systems. The article breaks down how organizations can install the critical updates to protect themselves.

Editor’s Note: If your company uses SharePoint, this isn’t something to ignore. Nation-state hackers are increasingly targeting business software, and unpatched systems are low-hanging fruit. While it’s good that Microsoft fixed the flaws, the bigger takeaway is how quickly sophisticated attackers weaponize these gaps—so updating isn’t just routine maintenance, it’s urgent damage control.

Scammers on Facebook are now posing as friends to trick people into paying for fake grants. The article shares a real-life example where a woman's account was impersonated, along with tips to protect yourself from similar scams.

Editor’s Note: This isn't just another vague warning—it's a real, evolving threat that could hit anyone who uses Facebook. Since we all trust messages from friends, this scam is particularly sneaky. The story matters because it shows exactly how these cons play out and gives practical advice to avoid falling victim.

Russia just tightened its internet controls—again. The government has made it illegal to use VPNs to access content they label as "extremist," treating it as an aggravated offense. This means harsher penalties for those caught bypassing restrictions, part of a broader crackdown on digital freedoms in the country.

Editor’s Note: If you're in Russia, the digital noose keeps tightening. VPNs were one of the last ways to skirt state censorship, but now using them to access banned material could land you in serious trouble. This isn't just about "extremism"—it's another step in silencing dissent and controlling what people see online. For the rest of the world, it's a stark reminder of how authoritarian regimes weaponize laws to choke free expression.

Russia might soon block WhatsApp, the country's most widely used messaging app, with officials reportedly saying there's a "99-percent chance" it'll get shut down. If that happens, millions of Russians could lose their go-to way to chat, call, and share media—unless they switch to alternatives.

Editor’s Note: This isn't just about losing an app—it's another step in Russia's tightening grip on digital communication. WhatsApp is a lifeline for many, from families staying in touch to small businesses coordinating deliveries. A ban would push people toward state-approved platforms, raising concerns about privacy and access to global services. It also shows how tech battles are becoming geopolitical flashpoints.

Law enforcement claims criminals are using Google Pixel phones running GrapheneOS—a privacy-focused operating system—to evade detection. But the article pushes back, arguing that strong privacy tools aren’t just for bad actors; they’re essential for protecting personal freedom in an era of mass surveillance.

Editor’s Note: This isn’t just a debate about crime-fighting tools—it’s about where we draw the line between security and liberty. If cops slam privacy tech just because criminals use it, that could justify sweeping surveillance measures affecting everyone. The story matters because it forces us to ask: Should we sacrifice privacy for safety, or can we have both?